Inclusion of the "user" field in a modification #93

jricher · 2020-11-13T16:12:30Z

§5.3 Modifying an Existing Request: Editor's note:

This would allow the client to do things like gather the user's identifiers post-request, or gather an assertion from an on-device element that the AS can verify. It opens up potential avenues for trouble if the user here is different from the RO that's already showed up at the AS or race conditions if the RQ's identity changes mid-stream. But that said, this seems important for multi-log-in cases and the like, probably.

fimbault · 2022-06-29T14:13:02Z

We could include a warning, saying that the AS should check that it is indeed the same user, typically through validating the sub_id

yaronf · 2022-07-01T11:33:57Z

We could include a warning, saying that the AS should check that it is indeed the same user, typically through validating the sub_id

Please make it normative.

fimbault self-assigned this Jun 29, 2022

jricher mentioned this issue Jun 29, 2022

Added state diagram and discussion #427

Merged

jricher closed this as completed in #427 Jul 6, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Inclusion of the "user" field in a modification #93

Inclusion of the "user" field in a modification #93

jricher commented Nov 13, 2020

fimbault commented Jun 29, 2022

yaronf commented Jul 1, 2022

Inclusion of the "user" field in a modification #93

Inclusion of the "user" field in a modification #93

Comments

jricher commented Nov 13, 2020

fimbault commented Jun 29, 2022

yaronf commented Jul 1, 2022